SAS 70 reports became more important due to the requirements of which act?

The main idea is that the Sarbanes-Oxley Act increased the emphasis on internal controls over financial reporting, which in turn made independent assurance about a service provider’s controls more crucial. SAS 70 reports were designed to document the controls at a service organization that could impact a user entity’s financial statements. Under Sarbanes-Oxley, management must assess and report on internal controls, and external auditors must attesta­tion those controls for public companies. When a public company relies on a third-party service provider to handle financial data or processing, the provider’s control environment directly affects the company’s financial reporting. A SAS 70 report (or its successor assurance reports) gives auditors and management the needed confidence about those controls, which is why these reports gained prominence. The other options aren’t driving this specific need: data privacy regulations like GDPR focus on protecting personal data, not on internal controls for financial reporting; the Federal Privacy Act addresses government records rather than private-sector financial reporting; and the Computer Fraud and Abuse Act targets cybercrime concepts rather than audit and reporting standards for service providers.